CVE-2011-4192

kiwi < 4.85.1 - OS Command Injection via kiwi_oemtitle Profile Parameter

Title source: llm
STIX 2.1

Description

kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html

Scores

EPSS 0.0050
EPSS Percentile 66.1%

Details

Status published
Products (3)
suse/kiwi < 4.85
suse/studio_extension_for_system_z 1.2
suse/studio_onsite 1.2
Published Apr 16, 2014
Tracked Since Feb 18, 2026